# Grant permissions to Amazon Service Catalog end users
<a name="getstarted-iamenduser"></a>

Before the end user can use Amazon Service Catalog, you must grant access to the Amazon Service Catalog end user console view. To grant access, you attach policies to the IAM user, group, or role that is used by the end user. In the following procedure, we attach the ****`AWSServiceCatalogEndUserFullAccess`**** policy to an IAM group.

**To grant permissions to an end user group**

1. Open the IAM console at [https://console.amazonaws.cn/iam/](https://console.amazonaws.cn/iam/).

1. In the navigation pane, choose **User groups**.

1. Choose **Create group** and do the following:

   1. For **User group name**, type **Endusers**.

   1. In the search field, type **AWSServiceCatalog** to filter the policy list.

   1. Select the checkbox for the ****`AWSServiceCatalogEndUserFullAccess`**** policy. You also have the option to choose ****`AWSServiceCatalogEndUserReadOnlyAccess`**** instead.

   1. Choose **Create Group**.

1. In the navigation pane, choose **Users**.

1. Choose **Add users** and do the following:

   1. For **User name**, type a name for the user.

   1. Select **Password - Amazon Management Console access**.

   1. Choose **Next: Permissions**.

   1. Choose **Add user to group**.

   1. Select the checkbox for the **Endusers** group and choose **Next: Tags** and then **Next: Review**.

   1. On the **Review** page, choose **Create user**. Download or copy the credentials and then choose **Close**.